From d8b858fe014e29cc1e30dff57877595e63046e5e Mon Sep 17 00:00:00 2001 From: Alasdair Kergon Date: Tue, 6 Apr 2004 18:53:56 +0000 Subject: [PATCH] add some selinux support --- configure | 49 +++++++++++++++++++++++++++++++++++++++++++++- configure.in | 8 ++++++++ lib/libdm-common.c | 33 +++++++++++++++++++++++++++++++ 3 files changed, 89 insertions(+), 1 deletion(-) diff --git a/configure b/configure index 81ed77c..57fb99b 100755 --- a/configure +++ b/configure @@ -2056,6 +2056,53 @@ fi done +echo $ac_n "checking for is_selinux_enabled in -lselinux""... $ac_c" 1>&6 +echo "configure:2061: checking for is_selinux_enabled in -lselinux" >&5 +ac_lib_var=`echo selinux'_'is_selinux_enabled | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lselinux $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + HAVE_SELINUX=yes +else + echo "$ac_t""no" 1>&6 +HAVE_SELINUX=no +fi + + +if test x$HAVE_SELINUX = xyes; then + CFLAGS="$CFLAGS -DHAVE_SELINUX" + LIBS="-lselinux $LIBS" +fi + echo $ac_n "checking whether to enable internationalisation""... $ac_c" 1>&6 # Check whether --enable-nls or --disable-nls was given. if test "${enable_nls+set}" = set; then 
@@ -2073,7 +2120,7 @@ if test x$INTL = xyes; then # Extract the first word of "msgfmt", so it can be a program name with args. set dummy msgfmt; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2077: checking for $ac_word" >&5 +echo "configure:2124: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_MSGFMT'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else diff --git a/configure.in b/configure.in index a546f4e..b5ef713 100644 --- a/configure.in +++ b/configure.in @@ -102,6 +102,14 @@ AC_CHECK_FUNCS(mkdir rmdir uname) dnl Check for getopt AC_CHECK_HEADERS(getopt.h, CFLAGS="$CFLAGS -DHAVE_GETOPTLONG") +dnl Check for is_selinux_enabled +AC_CHECK_LIB(selinux, is_selinux_enabled, HAVE_SELINUX=yes, HAVE_SELINUX=no) + +if test x$HAVE_SELINUX = xyes; then + CFLAGS="$CFLAGS -DHAVE_SELINUX" + LIBS="-lselinux $LIBS" +fi + echo $ac_n "checking whether to enable internationalisation""... $ac_c" 1>&6 dnl Internationalisation stuff AC_ARG_ENABLE(nls, [ --enable-nls Enable Native Language Support],\ diff --git a/lib/libdm-common.c b/lib/libdm-common.c index 6892b28..86afb07 100644 --- a/lib/libdm-common.c +++ b/lib/libdm-common.c @@ -29,6 +29,10 @@ #include #include +#ifdef HAVE_SELINUX +# include +#endif + #define DEV_DIR "/dev/" static char _dm_dir[PATH_MAX] = DEV_DIR DM_DIR; 
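Review bot: The `AC_CHECK_LIB(selinux, is_selinux_enabled, ...)` probe in configure.in tests for one symbol only, while the code built under `HAVE_SELINUX` also calls `matchpathcon` and `lsetfilecon` and includes a libselinux header, none of which is checked. A host with the library but without the development header, or with a libselinux that lacks those calls, would pass configure and then fail at compile or link time. A header check such as `AC_CHECK_HEADERS(selinux/selinux.h, , HAVE_SELINUX=no)` would cover the first case (the header name is not legible in this page's include hunk, so confirm it). The feature is also switched on whenever the library happens to be present, with no configure option to turn it off, so whether the built library relabels device nodes depends on the build host. An explicit `AC_ARG_ENABLE(selinux, ...)` guard would make that a deliberate choice.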
@@ -197,6 +201,31 @@ int dm_task_add_target(struct dm_task *dmt, uint64_t start, uint64_t size, return 1; } +#ifdef HAVE_SELINUX +static int _set_selinux_context(const char *path) +{ + security_context_t scontext; + + log_debug("Setting SELinux context for %s", path); + if (is_selinux_enabled() <= 0) + return 0; + + if (matchpathcon(path, 0, &scontext) < 0) { + log_error("%s: matchpathcon failed: %s", path, strerror(errno)); + return 0; + } + + if (lsetfilecon(path, scontext) < 0) { + log_error("%s: lsetfilecon failed: %s", path, strerror(errno)); + free(scontext); + return 0; + } + + free(scontext); + return 1; +} +#endif + static int _add_dev_node(const char *dev_name, uint32_t major, uint32_t minor) { char path[PATH_MAX]; @@ -226,6 +255,10 @@ static int _add_dev_node(const char *dev_name, uint32_t major, uint32_t minor) log_error("Unable to make device node for '%s'", dev_name); return 0; } +#ifdef HAVE_SELINUX + if (!_set_selinux_context(path)) + return 0; +#endif return 1; } -- 2.43.5
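Review bot: In `_set_selinux_context`, the early exit `if (is_selinux_enabled() <= 0) return 0;` returns the same value as the error paths, and the caller added in the last hunk treats 0 as failure. On a host where SELinux is disabled, or where the query itself fails, `_add_dev_node` would therefore report failure for a node that was created correctly; the early exit should be `return 1;`. The context returned by `matchpathcon` is released with `free(scontext)` on both paths, whereas libselinux provides `freecon(scontext);` as the matching release call. Passing mode `0` to `matchpathcon` leaves the file-type field of the file-contexts entries out of the match, so passing the node's type (e.g. `S_IFBLK`) would presumably select the intended label more reliably; confirm this against the policy in use. The `log_debug` line also runs before the enabled check, so the log claims a context is being set when nothing is done.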
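Review bot: When `_set_selinux_context(path)` fails in `_add_dev_node`, the function returns 0 but leaves the newly made node in place with whatever label it received at creation. Even on success, the node carries that default label between its creation and the `lsetfilecon` call. The node-creation call is outside this hunk, so this is inferred from the surrounding error message; the function body starts and ends outside the hunk. Setting the file-creation context before the node is made (libselinux `setfscreatecon`) and resetting it afterwards would close that window. At minimum the failure path could remove the node, `if (!_set_selinux_context(path)) { (void) unlink(path); return 0; }`, provided the node was created by this call rather than already present.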